There are many valuable lessons to be learned from the failed Christmas attack on a Detroit-bound airliner; throwing more money at airline security is not one of them.

The most effective means of stopping terrorist attacks is to get as far to the "left of the boom" as possible--i.e., stopping attacks before they even come close to fruition. Since 9/11 many systems and programs have been put in place to allow the U.S. government to get "left of the boom." The failed Christmas Day attack made one thing clear: The Administration has to use these tools more effectively.

Where There Is Smoke ...

On December 25, Umar Farouk Abdulmutallab, a Nigerian student, attempted to ignite a mixture of powder and liquid on a Northwest Airlines flight landing in Detroit, Michigan. Passengers helped to stop the suspect from carrying out his plot after the device failed to fully detonate.

This is the 28th foiled terror plot against the United States since 9/11. What is notable is that of the 28 failed plots, 26 were stopped by intelligence, military, and law enforcement agencies. Only two were stopped by citizens on the scene--the Detroit "firestarter" and Richard Reid, the 2001 would-be shoe bomber. In both these cases, America just got lucky--the plots were clumsy and the passengers and crew responded bravely and quickly.

Stopping the Next Attack Starts Here

Lesson #1:U.S. Security Has Not Mastered Stopping the Threat of Individuals Carrying Bombs on Their Persons. This is a lesson al-Qaeda has already learned. That is why they tried the Richard Reid-style attack again--and they will keep at it until they are stopped or they figure out how to kill lots of people.

Lesson #2:Get Smarter About Stopping the-People-Carrying-Bomb Threat. On the one hand, these types of attacks are hard to detect if the bomb can be concealed (as Reid and Abdulmutallab did) without trying to hide it under obviously bulky clothing. There are sophisticated technologies that can find these bombs, but they are expensive, time-consuming, and not universally deployed at all international airports--and terrorists are already working on ways to defeat these technologies.

There are also easy ways to find these bombs: A simple body search in secondary screening would quickly find them, as would bomb dogs or the "swipe" detection systems used in secondary screening in many airports.

Rather than spending billions of dollars more on airline security, the smarter answer would be to make sure suspicious persons are routed to secondary screening. These simple measures would still not be foolproof, though. Therefore, an even better strategy would be to break up the conspiracies that recruit, organize, train, and dispatch terrorists long before would-be bombers buy their plane tickets.

Lesson #3:Dots Were Not Connected. Fix the Problem. Adding together all the information known about Abdulmutallab and Reid paints a pretty compelling picture that they were terrorist travelers. If either had even been directed to an effective secondary screening or placed on a "no fly" list, they would have been effectively stopped. In both cases, bad decisions were made and information was not appropriately shared.

In the case of Abdulmutallab, for example, his visa probably should never have been awarded or at least revoked. Arguably, his case was mismanaged by the consular office. Consular affairs are run by the Department of State, but by law the Department of Homeland Security (DHS) is supposed to set polices for them. DHS has no such policy in place.

DHS is also supposed to have a Visa Security Officer program where security officials work side by side with the consular officers, managing the issuance of visas and conducting interviews before visas are issued. That program is moribund.

Furthermore, the Transportation Security Administration (TSA), which is supposed to screen air travelers, does not use the comprehensive U.S. terrorist databases for screening. By law, Congress requires TSA to leave screening in the hands of the airlines, which do not have access to these databases either. They are limited to the "no fly" list. These are leadership problems. They have to be addressed.

Lesson # 4: The System Failed. Richard Reid did not dream up his attack on his own. Neither did Abdulmutallab. Abdulmutallab must have been recruited by someone. He must have worked with a bomb maker. He must have had a "terrorist travel agent." That is at least four people working to kill Americans, and it adds up to a full-blown terrorist cell.

The fact that there was an active international conspiracy aimed at the U.S. that Americans knew nothing about is appalling. The U.S. has built up plenty of good counterterrorism tools, but the government has to use them and use them effectively--all the time. That is how 26 conspiracies have been thwarted.

That Congress settled for only a 60-day extension for key investigative authorities authorized under the PATRIOT Act is appalling. The Administration and Congress have to start taking the fight against terrorism more seriously.

Lesson #5: The U.S. Continues to Put Its Citizens at Risk. The U.S. spends too much time fighting common-sense security measures. Kevin Mitchell of the Business Travel Coalition recently said that since 9/11 "the highest and best use of each incremental security dollar spent should have been on intelligence gathering, risk-management analysis and sharing, and on fundamental police work such that terrorists would never reach an airport, much less board an airplane."

"Thanks, Kevin," writes former Assistant Homeland Security Secretary Stewart Baker, "[b]ut that would mean a lot more to travelers if you hadn't spent so much time after 9/11 trying to, well, stop the government from spending incremental dollars on intelligence gathering and risk-management analysis and sharing, which at the time you were calling 'invasive screening' and 'data mining.'"

The coalition and activist groups like the ACLU have battled a number of common-sense programs that are far more effective at catching terrorists and are less invasive, expensive, and time-consuming than body searching children and grandmothers and super expensive screening technologies. The U.S. can establish security measures that are effective and respect individual liberties and privacy, but this country has to start using common sense as the benchmark and leave stakeholder agendas at the door.

Time to Reverse Course

In stopping this particular kind of threat, not enough progress has been made since Richard Reid set fire to his shoe. In some respects, this Administration is moving backward. It is time to reverse course.

James Jay Carafano, Ph.D., is Deputy Director of the Kathryn and Shelby Cullom Davis Institute for International Studies and Director of the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Davis Institute, at The Heritage Foundation.